General Actions:
Log-in
Wiki:
L3D's Wiki
▼
:
Document Index
»
Space:
XWiki
▼
:
Document Index
»
Page:
ConfigurableClass
Search
Page Actions:
Export
▼
:
Export as PDF
Export as RTF
Export as HTML
More actions
▼
:
Print preview
View Source
Welcome to your wiki
»
XWiki Space
»
XWiki.ConfigurableClass
Wiki source code of
XWiki.ConfigurableClass
Last modified by
Administrator
on 2011/03/02 17:34
Content
·
Comments
(0)
·
Attachments
(1)
·
History
·
Information
Show line numbers
{{velocity}} #* * This part takes the configuration from any documents containing XWiki.ConfigurableClass objects and creates a form * for each. To includeForm this document, you may specify: * * $section - String - The section which we are administrating eg: "Registration", "Users", or "Import". * If none is specified then it checks for a request parameter called "section" and uses that, * if no parameter, then this code assumes that it is part of the admin icons sheet and adds icons * for any section which is not in $sections, in that event, this code assumes it is being run * inside of a <ul> block. * * $sections - List<String> - If section is not specified, any sections on this list will not have icons made for them * the assumption being that the icons are already there. If section is specified then this * is not taken into account and may safely be undefined. * * $currentDoc - String (document.fullName) - The administration document, users who don't have permission to edit * it will not be able to include applications (possibly injecting * arbitrary code.) if none specified then $doc.getFullName() is used. * * $globaladmin - boolean - If set true then we will assume we are administrationg the entire wiki. * If not set then we look for a request parameter called "editor" if that exists and equals * "globaladmin" then $globaladmin is true, if it doesn't exist then we check to see if * $currentDoc.getFullName() equals "XWiki.XWikiPreferences". * * $doNotUnlockConfigurableDocuments - boolean - If true then this code will not make any attempt to unlock configurable * documents. By default it does because it locks any document in the * section which is being configured which would lead to a lot of stray * locks if they weren't all canceled. Only recommended if this page is * being included twice in the same page. *### ## Constants: #set($redirectParameter = 'xredirect') #set($nameOfThisDocument = 'XWiki.ConfigurableClass') ## ## Form submission depends on this. $xwiki.jsfx.use('js/xwiki/actionbuttons/actionButtons.js', true) ## #if(!$section) #set($section = $request.getParameter('section')) #end #if(!$currentDoc) #set($currentDoc = $doc.getFullName()) #end ## Get value of $globaladmin if not specified. #if("$!globaladmin" == '') #if($editor != 'globaladmin' && $request.getParameter('editor') != 'globaladmin' && $currentDoc != 'XWiki.XWikiPreferences') ## #set($globaladmin = false) #else #set($globaladmin = true) #end #end #set($currentSpace = $xwiki.getDocument($currentDoc).getSpace()) ## ## This application should not run with programming rights because it evaluates code which may not be trustworthy. ## Removing the next line will open a security hole. #sandboxDocument() ## ## This application locks every document in a section while that section is being edited so we should ## check for locks held by the current user on any of the applications configured here and remove them. #if(!$doNotUnlockConfigurableDocuments) #set($outputList = []) #findNamesOfAppsToConfigure("", $globaladmin, $currentSpace, $outputList)## ## We don't want to generate javascript which unlocks the current document just after we got finished locking it. #set($discard = $outputList.remove($currentDoc)) #unlockDocuments($outputList) #end ## ##------------------------------------------------------------------------------------------------------------ ## If $section exists then we are viewing the admin page for a particular section. ## eg: 'Registration', 'Presentation', 'Import' etc. ##------------------------------------------------------------------------------------------------------------ ## #if($section && $section != '') ## ## This is for keeping track of whether we have shown the heading yet or not. ## If the heading doesn't need to be shown, but an error occurs in processing, then we show the heading ## so that the user knows what the error relates to. #set($headingShowing = false) ## ## Searches the database for names of apps to be configured #set($outputList = []) #findNamesOfAppsToConfigure($section, $globaladmin, $xwiki.getDocument($currentDoc).getSpace(), $outputList) ## #foreach($appName in $outputList) ## ## Make sure the current user has permission to edit the configurable application. #set($userHasAccessToDocument = $xcontext.hasAccessLevel('edit', $appName)) ## ## If the document was not last saved by a user with edit privilege on this page ## then we can't safely display the page but we should warn the viewer. #if($userHasAccessToDocument) ## Get the configurable application #set($app = $xwiki.getDocument($appName)) ## #set($documentSavedByAuthorizedUser = false) #checkDocumentSavedByAuthorizedUser($app, $currentDoc, $documentSavedByAuthorizedUser) #end ## ## There is no need to display a heading unless: ## 1. There was already a section before this document. ## 2. This is not the first document in this section. ## ## If we are displaying the heading and there is an error to be shown Javascript will not strip the heading. #if(!$appName.equals($outputList.get(0)) || $sections.contains($section)) ## Create a document heading. #showHeading($appName, $headingShowing) #end ## #if(!$userHasAccessToDocument) #showHeading($appName, $headingShowing) {{error}}$msg.get('xe.admin.configurable.noPermissionThisApplication'){{/error}} #else ## #if(!$documentSavedByAuthorizedUser) #showHeading($appName, $headingShowing) {{error}}$msg.get('xe.admin.configurable.applicationAuthorNoAdmin', [$app.Author]){{/error}} #else ## ## Locking document ##------------------------------------------------------------------------------------------------------------ #if($app.getLocked()) #set($locked = true) #end ## If the document is locked and not by the current user and forceEdit is not set true, #if($locked && $app.getLockingUser() != $xcontext.getUser() && !$request.getParameter('forceEdit')) #set($requestURL = "$request.getRequestURL()") #if($requestURL.indexOf('?') == -1) #set($requestURL = "${requestURL}?") #end #showHeading($appName, $headingShowing) {{error}}$msg.get('doclockedby') $app.getLockingUser() [[$msg.get('forcelock')>>${requestURL}&forceEdit=1]]{{/error}} #else ## If the document is not already locked, attempt to acquire the lock. #if(!$locked) ## Try to use an AJAX call to lock the document. {{html wiki=true}} <noscript> {{warning}}$msg.get('xe.admin.configurable.cannotLockNoJavascript'){{/warning}} </noscript> <script type="text/javascript"> document.observe("xwiki:dom:loaded", function() { new Ajax.Request("$xwiki.getURL($app.getFullName(), 'lock', 'ajax=1')"); }); </script> {{/html}} #set($discard = $lockedDocumentNames.add($app.getFullName())) #end ##------------------------------------------------------------------------------------------------------------ ## Done Locking. ## ## Get all objects of the "ConfigurableClass" from this document. #set($allConfigurableObjs = $app.getObjects($nameOfThisDocument)) ## Separate out the objects which are for this section. #set($configurableObjs = []) #foreach($configurableObj in $allConfigurableObjs) #if($app.getValue('displayInSection', $configurableObj) == $section) ## If this is space admin, then don't display global, if global don't display space. #if($globaladmin == ($app.getValue('configureGlobally', $configurableObj) == 1)) #set($discard = $configurableObjs.add($configurableObj)) #end #end #end #if($configurableObjs.size() == 0) ## Internal error, not translated. #showHeading($appName, $headingShowing) {{error}}Internal error: All objects were filtered out for application: $appName.{{/error}} #else #set($formAction = $xwiki.getURL($app.getFullName(), 'save')) #set($formId = "${section.toLowerCase()}_${app.getFullName()}") #set($escapedAppName = $escapetool.xml($app.getFullName())) #foreach($configurableObj in $configurableObjs) ## Display the header if one exists. #set($heading = $app.getValue('heading', $configurableObj)) #if($heading && $heading != '') == #evaluate($heading) == #end ## #set($codeToExecute = "$!app.getValue('codeToExecute', $configurableObj)") #if($codeToExecute != '') (%class="codeToExecute"%)(((## #evaluate($codeToExecute)## ))) #end ## ## If propertiesToShow is set, then we will only show the properties contained therein. #set($propertiesToShow = $app.getValue('propertiesToShow', $configurableObj)) #if(!$propertiesToShow || $propertiesToShow.getClass().getName().indexOf('List') == -1) #set($propertiesToShow = []) #end ## ## If linkPrefix is set, then we will make each property label a link which starts with that prefix. #set($linkPrefix = "$!app.getValue('linkPrefix', $configurableObj)") ## ## If the Configurable object specifies a configuration class, use it, ## otherwise assume custom forms are used instead. #set($configClassName = "$!app.getValue('configurationClass', $configurableObj)") #if($configClassName != '') #set($objClass = $xwiki.getDocument($configClassName).getxWikiClass()) #if(!$objClass || $objClass.getClass().getName().indexOf('.Class') == -1) #showHeading($appName, $headingShowing) {{error}}$msg.get('xe.admin.configurable.configurationClassNonexistant'){{/error}} #else ## Use the first object from the document which is of the configuration class. #set($obj = $app.getObject($objClass.getName())) ## #if(!$obj || $obj.getClass().getName().indexOf('.Object') == -1) #showHeading($appName, $headingShowing) {{error}} $msg.get('xe.admin.configurable.noObjectOfConfigurationClassFound', [$objClass.getName(), $app.getFullName()]) {{/error}} #else ## ## Merge save buttons, remove headings from subsections, and make information links into popups. ## This is not done if there is only a custom defined form. $xwiki.jsx.use($nameOfThisDocument) ## ## We don't begin the form until we have content for it so that a configurable can specify a ## custom form in codeToExecute and if that configurable object is the first of it's kind in that ## document, the custom form will not be put inside of our form. #if(!$insideForm) ## We are opening a form and fieldset without closing it, thus we cannot clean this html. {{html clean=false}} <form id="$formId" method="post" action="$formAction"> <fieldset> {{/html}} #set($insideForm = true) #end #define($formHtml) #foreach($propName in $objClass.getPropertyNames()) #if($propertiesToShow.size() > 0 && !$propertiesToShow.contains($propName)) ## Silently skip over this property. #else <p> #set($prettyName = "#evaluate($app.displayPrettyName($propName, $obj))") ## App Name is prepended to for= to make label work with id which is modified to prevent collisions. <label for="${escapedAppName}_$objClass.getName()_$obj.getNumber()_$propName"> #if($linkPrefix != '') #set($linkScript = "$linkPrefix$propName") <a href="$escapetool.xml("#evaluate($linkScript)")">$escapetool.xml($prettyName)</a> #else $escapetool.xml($prettyName) #end </label> ## Step 1: Strip pre tags which $obj.display inserts, this won't affect content because it's escaped. #set($out = $obj.display($propName, 'edit').replaceAll('<[/]?pre>', '')) ## Step 2: Select only content between first < and last > because $obj.display inserts html macros. ## Careful not to remove html macros from the content because they are not escaped! ## Step 3: Prepend app name to all ID and FOR attributes to prevent id collision with multiple apps on one page. $out.substring($out.indexOf('<'), $mathtool.add(1, $out.lastIndexOf('>'))).replaceAll( " id='$objClass.getName()_$obj.getNumber()_$propName", " id='${escapedAppName}_$objClass.getName()_$obj.getNumber()_$propName").replaceAll( " for='$objClass.getName()_$obj.getNumber()_$propName", " for='${escapedAppName}_$objClass.getName()_$obj.getNumber()_$propName") </p> #end## If property is in propertiesToShow #end## Foreach property in this class #end## define $formHtml {{html}} $formHtml.toString() {{/html}} #end## If object exists #end## If class exists #end## If class name is specified. #end## Foreach configurable object found in this document ## If a form was started then we end it. #if($insideForm) ## This is closing an open form which was opened above, we cannot clean this html. {{html clean=false}} ## We add in a redirect field to prevent the user from being carried away when they save ## if they don't have javascript. #set($thisURL = $request.getRequestURL()) #if($request.getQueryString() && $request.getQueryString().length() > 0) #set($thisURL = "${thisURL}?$request.getQueryString()") #end <input type="hidden" id="${escapedAppName}_redirect" name="$redirectParameter" value="$escapetool.xml($thisURL)" /> <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /> </fieldset> <div class="bottombuttons"> <p class="admin-buttons"> <span class="buttonwrapper"> ## Text to display on the button. If there is a heading then this button should be labeled ## that it is for saving this section. Otherwise it should be a generic "save" button. #if($headingShowing) #set($buttonText = "$msg.get('admin.save') $escapedAppName") #else #set($buttonText = "$msg.get('admin.save')") #end <input class="button" type="submit" name="action_saveandcontinue" value="$buttonText" /> </span> </p> </div> ## bottombuttons </form> #set($insideForm = false) {{/html}} #end #end## If there are configurable objects #end## If document is not locked or forceEdit is enabled #end## If app author has permission to edit admin page #end## If the current user has permission to edit the configurable application. #end## Foreach document name in names to configure {{html}} <script type="text/javascript"> /* <![CDATA[ */ ## Alt+Shift+S presses the first saveAndContinue button it finds, not what we want so we will disable edit shortcuts. document.observe('xwiki:dom:loaded', function() { XWiki.actionButtons.EditActions = Object.extend(XWiki.actionButtons.EditActions, {addShortcuts : function() { }}); }); //]]> </script> {{/html}}## ## #else ## ##------------------------------------------------------------------------------------------------------------ ## If section is not set then we are viewing the main administration page. ##------------------------------------------------------------------------------------------------------------ ## ## If there is no list called sections then we set sections to an empty list. #if(!$sections || $sections.getClass().getName().indexOf('List') == -1) #set($sections = []) #end ## ## We have to create a list of documents which the current user doesn't have permission to view. ## So we can add an error message to the bottom of the page if there are any. #set($appsUserCannotView = []) ## ## A list of sections (to be added) which the user is not allowed to edit, icons will be displayed with a message #set($sectionsUserCannotEdit = []) ## List of sections to be added, in order by creationDate of oldest contained application. #set($sectionsToAdd = []) ## Map of URL of icon to use by the name of the section to use that icon on. #set($iconBySection = {}) ## #set($outputList = []) #findNamesOfAppsToConfigure("", $globaladmin, $currentSpace, $outputList) ## #foreach($appName in $outputList) ## ## Get the configurable application #set($app = $xwiki.getDocument($appName)) ## ## If getDocument returns null, then warn the user that they don't have view access to that application. #if(!$app) #set($discard = $appsUserCannotView.add($appName)) #end ## #set($configurableObjects = $app.getObjects($nameOfThisDocument)) #foreach($configurableObject in $configurableObjects) #set($displayInSection = $app.getValue('displayInSection', $configurableObject)) ## ## If there is no section for this configurable or if the section cannot be edited, then check if the ## application can be edited by the current user, if so then we display the icon from the current app and ## don't display any message to tell the user they can't edit that section. #if(!$sections.contains($displayInSection) || $sectionsUserCannotEdit.contains($displayInSection)) ## ## If there is no section for this configurable, then we will have to add one. #if(!$sections.contains($displayInSection) && !$sectionsToAdd.contains($displayInSection)) #set($discard = $sectionsToAdd.add($displayInSection)) #end ## ## If an attachment by the filename iconAttachment exists and is an image #set($attachment = $app.getAttachment("$app.getValue('iconAttachment', $configurableObject)")) #if($attachment && $attachment.isImage()) ## Set the icon for this section as the attachment URL. #set($discard = $iconBySection.put($displayInSection, $app.getAttachmentURL($attachment.getFilename()))) #end ## ## If the user doesn't have edit access to the application, we want to show a message on the icon #if(!$xcontext.hasAccessLevel("edit", $app.getFullName())) #if(!$sectionsUserCannotEdit.contains($displayInSection)) #set($discard = $sectionsUserCannotEdit.add($displayInSection)) #end #elseif($sectionsUserCannotEdit.contains($displayInSection)) ## If the user didn't have access to the section before but does have access to _this_ app which is ## configured in the section, then the section becomes accessible. #set($discard = $sectionsUserCannotEdit.remove($displayInSection)) #end #end## If section doesn't exist or user doesn't have access. #end## Foreach configurable object in this app. #end## Foreach application which is configurable. ## ## Now we go through sectionsToAdd and generate icons for them #set($defaultIcon = $xwiki.getAttachmentURL($nameOfThisDocument, 'DefaultAdminSectionIcon.png')) #if($globaladmin) #set($queryString = "editor=globaladmin&section=") #else #set($queryString = "space=${currentSpace}&section=") #if($request.getParameter('editor')) #set($queryString = "editor=$escapetool.url($request.getParameter('editor'))&$queryString") #end #end ## This is an html fragment and thus cannot be cleaned {{html clean=false}} #foreach($sectionToAdd in $sectionsToAdd) #set($icon = $iconBySection.get($sectionToAdd)) #if(!$icon) #set($icon = $defaultIcon) #end <li class="$escapetool.xml($sectionToAdd).replaceAll(' ', '_')"> #set($hasAccess = !$sectionsUserCannotEdit.contains($sectionToAdd)) #if($hasAccess) <a href="$xwiki.getURL($currentDoc, $xcontext.getAction(), "$queryString$escapetool.url($sectionToAdd)")"> #else <a title="$msg.get('xe.admin.configurable.sectionIconNoAccessTooltip')"> #end <span> <img src="$icon" alt="$escapetool.xml($sectionToAdd) icon"/> ## Try to translate the names of the sections, build the key by adding an "admin." in front. ## Not the best way to translate, but very inline with the way the translations are done in XWiki.AdminSheet for individual administration page titles. ## If there is no translation (translated message is equals to key), don't display the message key, but the section name instead. #if($msg.get("admin.${sectionToAdd.toLowerCase()}") != "admin.${sectionToAdd.toLowerCase()}") #set($sectionDisplayName = $msg.get("admin.${sectionToAdd.toLowerCase()}")) #else #set($sectionDisplayName = $sectionToAdd) #end $escapetool.xml($sectionDisplayName) </span> #if(!$hasAccess) <br/><span class="errormessage">$msg.get('xe.admin.configurable.sectionIconNoAccess')</span> #end </a> </li> #end {{/html}} ## Finally we display an error message if there are any applications which we were unable to view. #if($appsUserCannotView.size() > 0) {{error}}$msg.get('xe.admin.configurable.noViewAccessSomeApplications', [$appsUserCannotView]){{/error}} #end #end## If we should be looking at the main administration page. ## ##------------------------------------------------------------------------------------------------------------ ## The Macros, nothing below this point is run directly. ##------------------------------------------------------------------------------------------------------------ ## #* * * Any documents which are on the provided list ($documentNames) which are locked by the current user will be unlocked. * If this macro has programming rights, then they are unlocked programmatically, otherwise a javascript tag is * generated with ajax calls to cancel for all of the documents. If there are documents on this list which are not * locked by the current user, then they are ignored. * * @param $documentNames - List<String> - fullNames of documents which should be unlocked if they are locked by the * current user. *### #macro(unlockDocuments $documentNames) #if($documentNames.size() > 0) #set($sql = "doc.fullName=") #foreach($documentName in $documentNames) #set($sql = "${sql}'$documentName' or doc.fullName=") #end ## Trim the dangling ' or doc.fullName=?' #set($sql = $sql.substring(0, $sql.lastIndexOf(' or doc.fullName='))) #set($sql = ", XWikiLock lock where lock.docId=doc.id and lock.userName='$xcontext.getUser()' and (${sql})") #set($namesOfdocumentsToUnlock = $xwiki.searchDocuments($sql)) ## Use ajax and hope the user runs javascript. {{html}} <script type="text/javascript"> document.observe("dom:loaded", function() { #foreach($nameOflockedDocument in $namesOfdocumentsToUnlock) new Ajax.Request("$xwiki.getURL($nameOflockedDocument, 'cancel', 'ajax=1')"); #end }); </script> {{/html}}## #end## If output list size > 0 #end## Macro ## #* * Find names of documents which contain objects of the class 'XWiki.ConfigurableClass' * * @param $section - String - Look for apps which specify that they should be configured in this section, * if null or "" then returns them for all sections. * * @param $globaladmin - boolean - If true then we will look for applications which should be configured globally. * * @param $space - String - If not looking for apps which are configured globally, then this is the space where we * will look for apps in. If null or "" or if $globaladmin is true, then all spaces will be * searched. * * @param $outputList - List - The returns from this macro will be put in this list, passing the list as a parameter * a safety measure because macros can't return values. *### #macro(findNamesOfAppsToConfigure, $section, $globaladmin, $space, $outputList) ## Use a parameterized sql query to prevent injection. #set($params = []) #if($section && $section != '') #set($discard = $params.add("$section")) #set($sqlA = ' StringProperty as section,') #set($sqlB = " and section.id=obj.id and section.name='displayInSection' and section.value=?") #else ## Make sure they are "" in case they were set prior to calling the macro. #set($sqlA = '') #set($sqlB = '') #end ## Set up query based on value of $globaladmin #if($globaladmin == true) #set($sqlC = '1') #else #if($space && $space != '') #set($sqlC = '0 and doc.space = ?') #set($discard = $params.add($space)) #else #set($sqlC = '0') #end #end #set($sql = ", BaseObject as obj,$sqlA IntegerProperty as global where " + "doc.fullName=obj.name and obj.className='" + $nameOfThisDocument + "'$sqlB " + "and global.id=obj.id and global.name='configureGlobally' and global.value=$sqlC " + "order by doc.creationDate") ## ## Run the search #set($outputList = $xwiki.searchDocuments($sql, 0, 0, $params)) ## #end ## #* * If this document is saved with programming access or is includeForm'd into a document with programming, we have to * drop programming rights in order for it to run safely because it evaluates potentially untrustworthy code. *### #macro(sandboxDocument) #if($xcontext.hasProgrammingRights()) $xcontext.dropPermissions()## #end #end ## #* * Try to determine whether a document was edited by a user who has edit right on this page. This is tricky because * documents are imported with the name XWiki.XWikiGuest who has no access to anything after import. * * @param theDoc - Document who's editor should be checked for edit access on this document. *### #macro(checkDocumentSavedByAuthorizedUser, $docToCheck, $currentDoc, $hasAccess) ## The system is started and the only user is XWikiGuest who has admin right but gives it up when he imports the default ## documents, we are checking to see if this looks like the guest imported the document with the first import. #if($docToCheck.getWiki() == $xcontext.getMainWikiName() && $docToCheck.getVersion() == '1.1' && $docToCheck.getCreator() != $docToCheck.getContentAuthor() && $docToCheck.getContentAuthor() == 'XWiki.XWikiGuest') ## #set($userToCheck = $docToCheck.getCreator()) #else #set($userToCheck = $docToCheck.getAuthor()) #end #set($hasAccess = $xwiki.hasAccessLevel('edit', $userToCheck, $currentDoc)) #end ## #* * Show the heading for configuration for a given application. * * $appName (String) Name of the application to show configuration heading for. * * $headingAlreadyShowing (boolean) If true then we don't make another heading. Otherwise it is set to true. *### #macro(showHeading, $appName, $headingAlreadyShowing) #if(!$headingAlreadyShowing) #set($headingAlreadyShowing = true) = $msg.get("admin.customize") __[[$appName>>$appName]]__: = #end #end {{/velocity}}
Quick Links
L3D Calendar
Wiki Dashboard
Document Index
Blog
Sandbox
